• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

What in the world is DMW.exe?

John Connor

John Connor

Lifer
Not Dwm.exe, it's dmw.exe and it seems to belong to Firefox. I can't find any info on it and it is sucking a chunk of RAM.

It just shot up to over 200 MB! I'm scanning with Hitmanpro now. I just scanned with TDsskiller. I don't think I have malware, but I just updated Firefox and this crap is sucking up the RAM along with the Firefox process. Good thing I installed another Gig of RAM, because I'm using 2 GB on the freaking laptop!

CtZdV7y.jpg
 
Last edited:
No threats with Hitmanpro.

Just did a hijackthis scan and found it. It resides in Program Files\Common Files\Lenovo\. It was just created today and it's like a whole new Firefox install.
 
Last edited:
Well I packed the Lenovo folder up in a 7z folder and scanned it with Virustotal and of all anti-virus programs Microsoft labeled it a Trojan and Kingsoft said it was some virus. I deleted the Lenovo folder and restarted the computer and this poped up (refer to image). Good thing I had Controlpanel CPL installed, I went and found what was starting up and it was in HKLM and was a script. So I deleted it and no more startup error. The only thing I did was uninstall Glary Utilities, Mumble and install Quicktime alternative. I think it was left behind from Glary Utilities.

Nothing found this crap! I run Bitdefender free along with Comodo firewall, although the defense shield was off. I turned it back on.

SSr84rv.jpg
 
Last edited:
yes dmw.exe its malware, but dwm.exe its legit microsoft windows manager, only saying just in case.. 🙂
 
I did get rid of it. More of a nuisance really. After I had posted this the thing was sucking up 300 MB of RAM! Not sure where it came from. Either from Glary Utilities or Mumble. Most likely Glary Utilities. I will install to a virtual machine and see if I get the same thing.
 
I made this account just to reply to this thread. I recently found this on my system as well. I first noticed Wscript.exe running when I was not aware of any scripts that I had installed. My most recent installation on my system was Xsplit, Microsoft Movie Maker and K-lite codecs. I then noticed this evening that every fullscreen application I was running kept having the taskbar pop up for no apparent reason. After being in the Tech field for a few years I followed my nose and went straight to task manager and found this little ah heck sitting there for me. I stopped it and began searching the web right away. I found this page and it helped me locate the file. My location was Proframfiles(x86)/common files/Sparc I determined that it was indeed "another firefox installation" and packaged it and shipped it to Virustotal.

virustotal: https://www.virustotal.com/en/file/...cbaa637b47f6e2b1f38dcc13/analysis/1390548421/

6/44 is more than enough to have me take it off of my system. It was attempting to run in the startup files so I ran a MSConfig and removed it and have not had the message appear that @John Connor had happen to them. A computer restart and a few virus scans revealed nothing.

Current AV/AS on my PC: Spybot S&D, Avast, Malwarebytes, Windows Defender.

None of these caught it either and none resulted in any hits when I used them to scan the Sparc folder.

So far so good on cleanup. I will reply in 48 hours as to any situations that arise from this. If I do not reply to this, please presume that all is well and that the manual removal worked.
 
I have something called StartupCPL that showed the startup script and the path to where it was. If you instal StartupCPL it will be in the control panel. I never mess with msconfig.
 
Hello, I made this account because I have recently been afflicted by the dmw.exe. Although I have now fixed the problem (with help from this site and others), I would like to say that the files containing the malicious programs were not under a Lenovo file for me.
They were under Local Disk/Program Files (x86)/Common Files/BlueWare
I seem to have gotten these files when I downloaded XP Codec to watch a video a friend had e-mailed me. I knew something was wrong when my anti-virus software was detecting and blocking malicious URLs and websites even though I was not actively browsing the internet.
Just putting this out there, in case someone cannot find the culprit files under Lenovo. Check for something called BlueWare, and please be wary when downloading XP Codec.
 
John Connor said:
Well I packed the Lenovo folder up in a 7z folder and scanned it with Virustotal and of all anti-virus programs Microsoft labeled it a Trojan and Kingsoft said it was some virus. I deleted the Lenovo folder and restarted the computer and this poped up (refer to image). Good thing I had Controlpanel CPL installed, I went and found what was starting up and it was in HKLM and was a script. So I deleted it and no more startup error. The only thing I did was uninstall Glary Utilities, Mumble and install Quicktime alternative. I think it was left behind from Glary Utilities.

Nothing found this crap! I run Bitdefender free along with Comodo firewall, although the defense shield was off. I turned it back on.

SSr84rv.jpg
Click to expand...

I seem to have the same script stubbornly hiding in my computer. I tried installing CPL, but the installation fails (a message about a file not copying properly) every time. Any ideas?
 
HelloMate said:
I seem to have the same script stubbornly hiding in my computer. I tried installing CPL, but the installation fails (a message about a file not copying properly) every time. Any ideas?
Click to expand...
It sounds like you need to disinfect your system first. It could very well be blocking the installation of any tools to protect itself.
 
I see a pattern emerging here - all you people complaining about this .exe file had either installed some video codec packs *or* QT Alternative on your machines...

I wonder if using VLC wouldn't eliminate all these headaches?
 
ViRGE said:
It sounds like you need to disinfect your system first. It could very well be blocking the installation of any tools to protect itself.
Click to expand...
Yup, in this situation I like to either run MBAM Chameleon or boot into safe mode, run rkill then Combofix, then Malwarebytes AntiRootkit then MBAM full scan and maybe Super AntiSpyware if I feel it's needed. Then round it off with Adwcleaner. Best part is: all freeware. When this battery of tests turns up clean, you can be sure it's sparkly.
 
AnitaPeterson said:
I see a pattern emerging here - all you people complaining about this .exe file had either installed some video codec packs *or* QT Alternative on your machines...

I wonder if using VLC wouldn't eliminate all these headaches?
Click to expand...
ffdshow - clean since forever. Just not the shintok build or however it's spelled. Right away that drops malware.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top